Re: [Cfrg] Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts

"Paterson Kenneth" <> Sat, 16 March 2019 11:30 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5BFAC1277C9 for <>; Sat, 16 Mar 2019 04:30:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id KRnPtsI8iXSX for <>; Sat, 16 Mar 2019 04:30:17 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4D0D0127598 for <>; Sat, 16 Mar 2019 04:30:15 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 14.3.439.0; Sat, 16 Mar 2019 12:30:05 +0100
Received: from ([fe80::c1d4:d225:fabf:1974]) by ([fe80::2cd8:4907:7776:c56d%10]) with mapi id 14.03.0439.000; Sat, 16 Mar 2019 12:30:01 +0100
From: "Paterson Kenneth" <>
To: Michael StJohns <>, Richard Barnes <>
CC: secdir <>, CFRG <>, "RFC ISE (Adrian Farrel)" <>
Thread-Topic: [Cfrg] Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts
Thread-Index: AQHU15MqFmRhH7D8Pkm+dJStft64bKYFdNCAgAB9bQCAAlh9AIAAHb0AgAD4b4CAA5+3AIABFZaA
Date: Sat, 16 Mar 2019 11:30:00 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: de-CH, en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Cfrg] Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 16 Mar 2019 11:30:20 -0000

Dear Mike,

Thanks for sparking this discussion (and thanks to everyone else for engaging). The chairs have been following with interest, and have welcomed the opportunity for questions about the future constitution of CFRG to be aired.

The rough consensus of those who joined the discussion is that we should leave the status of CFRG as it is for now. 

Of course, this kind of question can and should be revisited in future. Triggers for that might include: the workload of the RG increases significantly; a spate of IPR issues arises;  the nature of the work being done in the RG changes further. (This list is intended to be illustrative rather than exhaustive.) At such a point, we can discuss again and invoke the formal procedures of the IRTF and IETF to effect changes.


Kenny (for the chairs)

-----Original Message-----
From: Cfrg <> on behalf of Michael StJohns <>
Date: Friday, 15 March 2019 at 18:53
To: Richard Barnes <>
Cc: secdir <>rg>, "" <>rg>, "RFC ISE (Adrian Farrel)" <>
Subject: Re: [Cfrg] Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts

    On 3/13/2019 7:32 AM, Richard Barnes wrote:
    > Mike, are your concerns here primarily IPR related?  If that's so, 
    > then maybe that's the level at which we should address them, as 
    > opposed to flipping the bigger RG->WG switch.
    Hi Richard -
    Like I said, I'm not going to push this at this time.  But I think its 
    more than just IPR - avoiding technology because of IPR is more a 
    symptom (and in fact is IETF guidance rather than IRTF policy).
    The CFRG has a unique position in that - unlike ANY other RG as far as I 
    can tell - it's looked at as an immediate feeder for technology for the 
    IETF.  If it were agnostically evaluating the crypto properties of any 
    offered technology, I'd say we're good and I'd move on.  But, with the 
    publication of Curve25519 and its related ... standards ..., the CFRG 
    has moved from evaluation and re-publication of cryptographic standards 
    developed and produced elsewhere into being the first publisher of what 
    could only be characterized as standards, even if published as an 
    Informational RFC in the IRTF stream.
    Ultimately, I think it comes down to fairness and transparency. As an 
    RG, the publications of the RG are not subject to the standards appeals 
    process.  In an WG, the decision not to work on an IPR encumbered 
    technology (or others such as national cryptography) MAY be appealed and 
    overturned (or might not) or sponsored by an AD if there's no applicable 
    or agreeable WG. There's a process for showing such decisions were made 
    transparently, and with a broader audience than just the CFRG having a say.
    Later, Mike
    Ps - hmm... Note that the CFRG charter only mentions the IETF and not 
    the IRTF....
    Cfrg mailing list